CCPA: What Is It And How Start.io Has Achieved Compliance

The California Consumer Privacy Act (CCPA) entered into effect on January 1, 2020. In this post, we’ll share with you important information about Start.io’s efforts to comply with CCPA and the changes we’ve made in our documents, which you may also need to do.

Who Has To Comply With CCPA?

Companies who process personal information of California consumers from at least 50,000 devices, or have revenues of $25 million or more from California businesses or users’ data, must be compliant no matter where they are located or working from.

Start.io falls under that definition. We encourage you to check if you are bound by CCPA as well.

What Is The Purpose Of CCPA?

CCPA increases transparency between the companies who process users’ data and California consumers. These companies must have a privacy policy written in clear and precise language that is easy for users to understand, and which includes the following: which categories of data are being collected and for what purposes; and whether the personal information is being shared or “sold” to other businesses, service providers, or third parties.

In addition, the privacy policy should notify consumers about their rights granted under the CCPA, as well as the means to exercise those rights:  the right to opt-out of any “selling” of their data (including a web-based “Do Not Sell My Personal Information” link), the right to access their data, and the right to delete their data.

Start.io Compliance With CCPA:

Start.io collects, processes, uses and shares end users’ data in accordance with its End User Privacy Policy. This Privacy Policy applies to all users of the Start.io network, and covers you, in your capacity as user of the Start.io SDK, as well as other advertisers and data partners with whom Start.io shares end users’ data, such as the data collected through the SDK embedded in your mobile app.

Start.io has updated its Privacy Policy to be compliant with CCPA. The Privacy Policy elaborates the categories of data collected from users, the sources of the data, the purpose for collection of the data and its usage, which includes sharing of data with third parties. End users may exercise all rights granted under the CCPA such as: opt out, deletion of data and access to their data.

These rights may be exercised by contacting Start.io support (at the contact us icon below).

In addition, Start.io has implemented a “Do Not Sell My Personal Information” button on its website and made a toll free number available to its users. Both may be used for opting out of Start.io services. Users who request to opt out from Start.io services are anonymized, by deletion of their unique identifier (advertising ID).

Start.io does not collect any identified information such as names, emails, phone numbers, or social security numbers. The only identifiable data collected is the user advertising ID.

In addition, Start.io does not collect any sensitive information (such as physical or mental health or condition, ethnic or communal origin, or intimate affairs or sexual life), nor does it knowingly collect any information from apps designated to children. Considering these restrictions, Start.io is not obliged to request users’ consent prior to collection of their data.

Information For Publishers:

If you use Start.io’s Services in a way that causes Start.io to collect personal information from California residents, you must provide all notices and disclosures required by the CCPA, including by clearly and conspicuously posting a link to communicate to California residents that they may opt out of any sales of their personal information.

Behind such link, you must explain to end users that they may opt out of any sales of their personal information by using their mobile platform settings (on iOS, by enabling the “Limit Ad Tracking” setting, and on Android devices, by enabling the “Opt out of Ads Personalization” setting).

In addition to updating our privacy policy, we have made some adjustments to your Publisher Agreement. As a publisher using the Start.io SDK, you are required to include a notice and link to the Start.io Privacy Policy in your mobile app or privacy policy. You can find the content of the notice in your Publisher Agreement (Section 7.3(c)).

Such notice is in addition to the notice and affirmative consent of EU users, which you are required to obtain, and report to Start.io thereof, under GDPR (Section 7.3(b) of the Publisher Agreement).

In addition, you are required to enable users of your mobile app to exercise their rights under CCPA, as well as under other laws and regulations, and immediately and truly report to Start.io in regard of their choices and requests.